How Even Highly-Targeted Censorship Can Lead To Overblocking

from the unintended-consequences dept

As the battle rages over SOPA and PIPA, censorship is very much on people's minds. But there are many different kinds of censorship, operating at different levels of precision. For example, while some forms are crude and inexact, like Homeland Security's shutdown of 84,000 sites, others are highly targeted, and designed to block in a very specific way.

That's the case for the attempted blocking of Newzbin2 in the UK. The judge, Justice Arnold, ordered the ISP BT to take a two-stage approach (possible thanks to the pre-existing "Cleanfeed" system it had set up to block child pornography).

If an IP address matches one of those contained in the blocking list, the request to access the site is routed to a proxy server where the exact URL – the specific address including the directory and filename – is examined. If that matches too, access is denied. The judge specified this technique, rather than simply ordering the IP address to be blocked, for an important reason, which he explained in one of his rulings:

the Studios now accept that the order should refer to IP address re-routing and not IP address blocking. It appears that IP address blocking could lead to "overblocking" of sites or pages that ought not to be blocked.

The first is that Newzbin will - and there's strong evidence they have done already, several times - change their IP address. It is well known that IP addresses have all but run out. Nearly all IP addresses allocated are recycled - they've been in use before.

Pity the website owner who picks up Newzbin's old IP address. Under Arnold, J's BT ruling the new owner of the IP address would have some solace in that the URL would not match, therefore BT customers would still be able to access the website, albeit via a proxy. Re-routing via the proxy may cause some minor problems, but that's a bit of a side issue.

In the case of Sky, [another UK ISP now blocking Newzbin2] unless Sky happen to also use a 2-stage blocking system [like BT] - and my contacts tell me they do not - then whoever picks up the old recycled IP addresses from Newzbin will find themselves blocked.

As Firth points out, one of the many worrying aspects of the Newzbin2 judgment is that there doesn't appear to be any mechanism for removing IP addresses once they have been placed on the blocking list – even if they are no longer used by Newzbin2. Adding new ones, by contrast, is explicitly permitted:

sites "whose sole or predominant purpose is to enable or facilitate access to the Newzbin[2] website" (para 10) can find themselves blocked, again without re-application to the court. If someone creates a website explaining how to work around the block, and this website did very little else but explain how to access Newzbin, it too could be blocked.

That would lead to yet more IP addresses being added to the list, which might then be handed out again to new users as they are recycled from ephemeral sites that pop up and then disappear.

What Firth's analysis shows is how even relatively "sophisticated" censorship systems that aim to minimize damage to other sites can lead to overblocking because not every situation can be foreseen or planned for. Now imagine what SOPA/PIPA will do.

If you want a domain name or IP formerly used by a pirate or pedophile then you must be one yourself. It is our longstanding policy to never purge our database of bad or old information. We keep a file on everybody. Just ask anyone named Yusuf Islam if they've been able to get on a plane lately! HAHAHAHA!

What about HTTPS?

Making it impossible to determine "the specific address including the directory and filename" is one of SSL's design goals. And the Internet is gradually moving towards using more and more HTTPS. Overblocking is unavoidable.

Re:

No.. that won't work... The only true anser is to give control of the internet to Hollywood. Let them hand out the IPs to the people that need them (plus a cut of any profits) that is the only way the internet will be free of pirates.

Of course this is a pipe dream for those folks but hey they be smokin' the pipe this long.....

Sounds like you're complaining about a non-problem.

The system, as you describe it, would NOT block legitimate new holders of an IP address. What's more, it could automatically "learn" that the illegal material was no longer at its old IP and stop re-routing traffic for that IP

Re:

No, it is not like a court order to hold a car.

A car is a physical object that takes up space and is easily noticed.

An IP address is a string of numbers of little consequence to anyone except the poor sap that was assigned that IP address for his myfamilyblog.info site he decided to set up because his brother in law told him he should. Now he sits trying to figure out why no one in his family can access the site, but since to him url and IP are the same thing he has no clue how to proceed. No one is going to bother cleaning up IP addresses, least of all those that were responsible for getting them blocked in the first place.

His only hope is that someone like you that has an overarching desire to set things right in the world will invest the necessary time and effort to resolve his problem.

Sorry AC but if we leave it to the likes of you to set things right we have every reason to be scared.